Key-based security is a mechanism used to provide security between communicating entities (e.g., servers). Keys are pieces of information (e.g., parameters) that determine the functional output of a cryptographic algorithm. During encryption, a key specifies the particular transformation used to encrypt a piece of data. Likewise, during decryption, a key specifies the particular transformation used to decrypt a piece of data. This is in contrast to password-based security in which data is transmitted between entities so long as an entity can be properly authenticated using a password. Generally, keys are preferred over passwords because of their enhanced security and decreased susceptibility to being stolen.
Conventionally, an entity that utilizes key-based security generates a public key/private key pair. The key-generating entity releases the public key to the public to allow external entities to communicate with it. External entities then use the public key to encrypt data that they wish to communicate to the key-generating entity. The key-generating entity then uses the private key to decrypt data received from the external entities. In this way, communication with a key-generating entity can be controlled by controlling access to the public key by external entities. In the situation where a public key becomes lost or stolen, the key-generating entity may simply generate a new public key/private key pair for subsequent communication.
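The exchange described above, as an added Go example that is not part of the original text: a node generates a key pair, an external sender encrypts with the released public key, the node decrypts with its private key, and a later rotation retires the old pair. The `Node` type, the function names, and the choice of RSA-2048 with OAEP/SHA-256 are assumptions, since the text names no algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Node is a hypothetical key-generating entity; the private key never leaves it.
type Node struct{ priv *rsa.PrivateKey }

// Rotate generates a new public/private key pair, replacing the current one.
func (n *Node) Rotate() (err error) {
	n.priv, err = rsa.GenerateKey(rand.Reader, 2048)
	return err
}

// Seal is what an external entity does with the released public key.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Open decrypts received data with the node's current private key.
func (n *Node) Open(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, n.priv, ct, nil)
}

// Demo returns the recovered plaintext and whether pre-rotation ciphertext still opens.
func Demo() (string, bool, error) {
	n := &Node{}
	if err := n.Rotate(); err != nil {
		return "", false, err
	}
	// &n.priv.PublicKey is the half that gets released to external entities.
	ct, err := Seal(&n.priv.PublicKey, []byte("constructed sample message"))
	if err != nil {
		return "", false, err
	}
	pt, err := n.Open(ct)
	if err != nil {
		return "", false, err
	}
	if err := n.Rotate(); err != nil { // the old pair is retired here
		return "", false, err
	}
	_, staleErr := n.Open(ct) // ciphertext for the old public key is now rejected
	return string(pt), staleErr == nil, nil
}

func main() { fmt.Println(Demo()) }
```

Rotation also makes data encrypted under the old public key unreadable, so anything still needed must be decrypted or re-encrypted before the old private key is discarded.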
A networked virtualization environment for storage management includes a number of nodes (e.g., servers, data centers, etc.) operating in a closed networked environment. Each node services the storage needs for a number of virtual machines running within a virtualization environment of the node using local storage as well as cloud storage or networked storage. The addition of nodes to an existing networked virtualization environment requires added security measures to ensure that unauthorized/accidental entry into the added node is prevented. Likewise, any security mechanism used within the networked virtualization environment for storage management must be able to overcome the limitations of password-based security.